Potential fix for code scanning alert no. 92: DOM text reinterpreted as HTML

[juliuskrah]

Potential fix for https://github.com/gitstore-dev/GitStore/security/code-scanning/92

Best fix: validate and normalize image URLs before storing/rendering them, and avoid rendering invalid/untrusted schemes in img.src.

Concretely in gitstore-admin/src/components/products/ProductForm.tsx:

• Add a small helper (inside component scope) that accepts only http: / https: URLs using new URL(...).
• In handleAddImage, sanitize imageInput.trim() and only append to formData.images if valid.
• In the image list render, compute sanitized URL and use it for <img src=...>, with a safe fallback (empty string) and loading hints.

This preserves current functionality (users still add normal image links) while blocking dangerous/malformed values and addressing all taint variants feeding the sink at line 420.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0979ccb915

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Remove duplicated button block after image map

The block starting at this line is a stray duplicate outside the formData.images.map(...) callback, leaving orphaned JSX (type="button" without an opening <button) and a second ))}/)) sequence; this breaks TSX parsing and also references index out of scope, so the admin frontend cannot compile once this commit is applied.

Useful? React with 👍 / 👎.